Authentication is an integral part of our modern, digital lifestyle. It is a universal means of access to our work, to our finances, and to our friends and recreation. Of all the types of authentication available, passwords are still the most common form of authentication in use. Indeed, passwords in one form or another have been utilized since the dawn of computing. This, as this presentation will demonstrate, is not necessarily a good thing.
Simply put, password authentication is full of fail. Furthermore, the level of fail has nothing to do with the length, the complexity, or any other attribute of passwords. The researchers and professionals that have theorized about or created new password schemes- cognitive or picture-based passwords for example- are well intentioned but are only treating the symptoms of an inherently flawed technology.
The purpose of this presentation, then, is to ask discuss why our password authentication is so full of fail, to outline how this fail extends to other authentication methods, and to paint a brief outline of a new paradigm that does not suffer from the same inherent issues.
Jason M. Pittman is currently a doctoral student with research interests in new methods of authentication, artificial life modeling for security, and games-based learning. Jason is an adjunct professor of Information Assurance, teaching young padawans the ways of the Sit...err, Jedi. As well, Jason has ten years of professional experience in security, working on a variety of projects ranging from the technical, compliance & governance, and some fun stuff here too.